Package impact

Maven / com.liferay.portal:release.portal.bom

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2017-12649	medium	6.1	6.1				9y ago	Liferay Portal Vulnerable to XSS via Mishandled Title or Summary in the Web Content Display
CVE-2017-12648	medium	6.1	6.1				9y ago	Liferay Portal XSS Vulnerability
CVE-2017-12647	medium	6.1	6.1				9y ago	Liferay Portal Vulnerable to XSS via a Knowledge Base Article Title
CVE-2017-12646	medium	6.1	6.1				9y ago	Liferay Portal XSS Vulnerability
CVE-2017-12645	medium	6.1	6.1				9y ago	Liferay Portal Vulnerable to XSS via an Invalid portletId
CVE-2016-10404	medium	6.1	6.1				9y ago	Liferay Portal Vulnerable to XSS via a Crafted Redirect Field
CVE-2025-4655	medium	5.0	5.0				10mo ago	Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery
CVE-2020-7934	unknown	—	1.0				4y ago	Liferay Portal Vulnerable to Persistent Cross-Site Scripting (XSS) in MyAccountPortlet
CVE-2019-6588	unknown	—	1.0				4y ago	Liferay Portal Allows Cross-Site Scripting (XSS) via the SimpleCaptcha API
CVE-2025-62264	unknown	—	—				7mo ago	Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter
CVE-2025-62265	unknown	—	—				7mo ago	Liferay Portal is vulnerable to XSS in the Blogs widget
CVE-2025-62266	unknown	—	—				7mo ago	Liferay Portal is vulnerable to DNS rebinding attacks
CVE-2025-62257	unknown	—	—				7mo ago	Liferay Portal vulnerable to password enumeration
CVE-2025-62258	unknown	—	—				7mo ago	Liferay Portal Vulnerable to CSRF in Headless APIs
CVE-2025-62259	unknown	—	—				7mo ago	Liferay Portal Does Not Limit Access to APIs Before Email Verification
CVE-2025-62260	unknown	—	—				7mo ago	Liferay Portal Vulnerable to DoS via Crafted Headless API Request
CVE-2025-62261	unknown	—	—				7mo ago	Liferay Portal Stores Password Reset Tokens in Plain Text
CVE-2025-43830	unknown	—	—				8mo ago	Liferay Portal is vulnerable to Stored XSS through Forms text type field
CVE-2025-43823	unknown	—	—				8mo ago	Liferay Portal is vulnerable to XSS through its Commerce Search Result widget
CVE-2025-43822	unknown	—	—				8mo ago	Liferay Portal has multiple Stored XSS vulnerabilities on its View Order page
CVE-2025-43824	unknown	—	—				8mo ago	Liferay Profile Widget does not prevent vCard extension spoofing
CVE-2025-43826	unknown	—	—				8mo ago	Liferay Portal Vulnerable to XSS in Web Content translation
CVE-2025-43820	unknown	—	—				8mo ago	Liferay Portal vulnerable to cross-site scripting in the Calendar widget
CVE-2025-43812	unknown	—	—				8mo ago	Liferay Portal vulnerable to cross-site scripting in the web content template
CVE-2025-43817	unknown	—	—				8mo ago	Liferay Portal vulnerable to reflected cross-site scripting via the `redirect` parameter
CVE-2025-43813	unknown	—	—				8mo ago	Liferay Portal vulnerable to path traversal and denial-of-service in the ComboServlet
CVE-2025-43799	unknown	—	—				9mo ago	Liferay Portal Uses Default Password
CVE-2025-43785	unknown	—	—				9mo ago	Liferay Portal and Liferay DXP vulnerable to Stored Cross-site Scripting
CVE-2025-43776	unknown	—	—				9mo ago	Liferay Portal and Liferay DXP vulnerable to store Cross-site Scripting
CVE-2025-43760	unknown	—	—				10mo ago	Liferay Portal Reflected Cross-Site Scripting Vulnerability via PortalUtil.escapeRedirect
CVE-2025-43752	unknown	—	—				10mo ago	Liferay Portal's Unlimited File Upload Could Result in DoS
CVE-2025-43754	unknown	—	—				10mo ago	Liferay Portal Username Enumeration Vulnerability
CVE-2025-43756	unknown	—	—				10mo ago	Liferay Portal Reflected Cross-Site Scripting Vulnerability via snippet Parameter
CVE-2025-43746	unknown	—	—				10mo ago	Liferay Portal Vulnerable to Cross-Site Scripting in Dynamic Data Mapping
CVE-2025-43757	unknown	—	—				10mo ago	Liferay Portal Vulnerable to Cross-Site Scripting via DDMPortlet_definition Parameter
CVE-2025-43748	unknown	—	—				10mo ago	Liferay Portal Vulnerable to Cross-Site Request Forgery
CVE-2025-43749	unknown	—	—				10mo ago	Liferay Portal Unauthenticated File Access via URL
CVE-2025-43741	unknown	—	—				10mo ago	Liferay Portal Vulnerable to Cross-Site Scripting via assetTagNames Parameter
CVE-2025-43743	unknown	—	—				10mo ago	Liferay Portal Enumeration Discrepancy in Calendars
CVE-2025-43744	unknown	—	—				10mo ago	Liferay Portal Vulnerable to Cross-Site Scripting via DDM Structure Field Labels
CVE-2025-43745	unknown	—	—				10mo ago	Liferay Portal CSRF Vulnerability via Endpoint Parameter
CVE-2025-43740	unknown	—	—				10mo ago	Liferay Portal has Stored Cross-Site Scripting Vulnerability via Message Boards Feature
CVE-2025-43731	unknown	—	—				10mo ago	Liferay Portal Vulnerable to Cross-Site Scripting
CVE-2025-3639	unknown	—	—				10mo ago	Liferay Portal Login Bypass Vulnerability
CVE-2025-43734	unknown	—	—				10mo ago	Liferay Portal 7.4.0 and Liferay DXP have a reflected cross-site scripting (XSS) vulnerability
CVE-2025-43735	unknown	—	—				10mo ago	Liferay Portal and Liferay DXP have a reflected cross-site scripting vulnerability
CVE-2025-43736	unknown	—	—				10mo ago	Liferay Portal and Liferay DXP have a Denial Of Service via File Upload (DOS) vulnerability
CVE-2025-4581	unknown	—	—				10mo ago	Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery
CVE-2025-3760	unknown	—	—				1y ago	Liferay Cross-site Scripting vulnerability
CVE-2025-2565	unknown	—	—				1y ago	Liferay Portal and Liferay DXP Reveals Data via Forms
CVE-2025-2536	unknown	—	—				1y ago	Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)
CVE-2023-37940	unknown	—	—				2y ago	Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page
CVE-2024-11993	unknown	—	—				2y ago	Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting
CVE-2024-26272	unknown	—	—				2y ago	Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor
CVE-2024-26271	unknown	—	—				2y ago	Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the My Account Widget
CVE-2024-26273	unknown	—	—				2y ago	Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor
CVE-2024-38002	unknown	—	—				2y ago	Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions
CVE-2024-8980	unknown	—	—				2y ago	Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console
CVE-2023-47795	unknown	—	—				2y ago	Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting
CVE-2024-25151	unknown	—	—				2y ago	Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing
CVE-2024-26269	unknown	—	—				2y ago	Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting
CVE-2024-25603	unknown	—	—				2y ago	Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting
CVE-2024-26266	unknown	—	—				2y ago	Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting
CVE-2023-42498	unknown	—	—				2y ago	Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting
CVE-2024-25147	unknown	—	—				2y ago	Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting
CVE-2024-25602	unknown	—	—				2y ago	Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting
CVE-2024-25152	unknown	—	—				2y ago	Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting
CVE-2024-25601	unknown	—	—				2y ago	Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting
CVE-2023-40191	unknown	—	—				2y ago	Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
CVE-2023-42496	unknown	—	—				2y ago	Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
CVE-2024-26270	unknown	—	—				2y ago	Liferay Portal and Liferay DXP vulnerable to theft of hashed password
CVE-2024-26268	unknown	—	—				2y ago	Liferay Portal and Liferay DXP User Enumeration Vulnerability
CVE-2024-25610	unknown	—	—				2y ago	Liferay Portal has a Stored XSS with Blog entries (Insecure defaults)
CVE-2024-26267	unknown	—	—				2y ago	Liferay Portal and Liferay DXP HTTP Header Can Expose Versions
CVE-2024-26265	unknown	—	—				2y ago	Liferay Portal vulnerable to Denial of Service
CVE-2024-25607	unknown	—	—				2y ago	Liferay Portal defaults to a low work factor for the default password hashing algorithm
CVE-2024-25608	unknown	—	—				2y ago	Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Replacement Character
CVE-2024-25609	unknown	—	—				2y ago	Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward Slashes
CVE-2024-25606	unknown	—	—				2y ago	Liferay Portal has an XXE vulnerability in Java2WsddTask._format
CVE-2024-25604	unknown	—	—				2y ago	Liferay Portal and Liferay DXP Allows Authenticated Users with View Permissions to Edit Permissions
CVE-2024-25605	unknown	—	—				2y ago	Liferay Portal and Liferay DXP Allows Templates to be Viewed via the UI or API
CVE-2024-25150	unknown	—	—				2y ago	Liferay Portal and Liferay DXP Information Disclosure Vulnerability in the Control Panel
CVE-2024-25149	unknown	—	—				2y ago	Liferay Portal and Liferay DXP Does Not Properly Restrict Membership to Child Site Based on Parent Site Options
CVE-2023-5190	unknown	—	—				2y ago	Liferay Portal and Liferay DXP Vulnerable to Open Redirect in Countries Management's Edit Region Page
CVE-2022-45320	unknown	—	—				2y ago	Privilege escalation in Liferay Portal
CVE-2024-25146	unknown	—	—				2y ago	Liferay Portal allows attackers to discover the existence of sites
CVE-2024-25144	unknown	—	—				2y ago	Liferay Portal denial-of-service vulnerability
CVE-2024-25148	unknown	—	—				2y ago	Liferay Portal vulnerable to user impersonation
CVE-2023-47798	unknown	—	—				2y ago	Liferay Portal's account lockout does not invalidate existing user sessions
CVE-2024-25145	unknown	—	—				2y ago	Liferay Portal stored cross-site scripting (XSS) vulnerability
CVE-2024-25143	unknown	—	—				2y ago	Liferay Portal denial of service (memory consumption)
CVE-2023-47797	unknown	—	—				3y ago	Liferay Portal XSS with `p_l_back_url_title` on edit content page
CVE-2023-3193	unknown	—	—				3y ago	Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module
CVE-2023-35029	unknown	—	—				3y ago	Liferay Portal and Liferay DXP Vulnerable to Open Redirect via the Layout Module
CVE-2023-35030	unknown	—	—				3y ago	Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module
CVE-2023-33949	unknown	—	—				3y ago	Insecure Default Initialization In Liferay Portal
CVE-2023-33945	unknown	—	—				3y ago	SQL injection in Liferay Portal
CVE-2023-33950	unknown	—	—				3y ago	Liferay Portal has Inefficient Regular Expression
CVE-2023-33947	unknown	—	—				3y ago	Liferay portal has unauthorized access to object definition via search
CVE-2023-33948	unknown	—	—				3y ago	Missing authorization in Liferay portal